Thursday, July 30, 2009

Deny SSH brute attack via iptables

iptables rules:
#iptables -A INPUT -p tcp --dport 22 -i ethx -m state --state NEW -m recent --set
#iptables -A INPUT -p tcp --dport 22 -i ethx -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP
With these rules in place, when this host receives more than 5 SSH connection requests within 1 minute, the 5th SSH connection is dropped.
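To trace how the two rules above interact per source address, here is an added model (not from this post, nor netfilter's own code) of the recent-module bookkeeping the rules drive, written in Python instead of iptables commands so the verdicts can be followed offline. The source addresses, timestamps and the 20-stamp-per-address cap are constructed or assumed.

```python
from collections import defaultdict, deque

# Model of the xt_recent bookkeeping behind the two rules on this page:
#   -m recent --set
#   -m recent --update --seconds 60 --hitcount 5 -j DROP
# Assumptions: one timestamp list per source address, a cap of 20 stored
# stamps per address (the module's default), integer seconds for time.
WINDOW = 60
HITCOUNT = 5
MAX_STAMPS = 20


class RecentTable:
    def __init__(self, window=WINDOW, hitcount=HITCOUNT):
        self.window = window
        self.hitcount = hitcount
        self.stamps = defaultdict(lambda: deque(maxlen=MAX_STAMPS))

    def new_syn(self, now, src):
        """Return 'ACCEPT' or 'DROP' for a NEW SYN from src at time `now`."""
        s = self.stamps[src]
        # Rule 1: --set always records a hit (creating the entry if needed).
        s.append(now)
        # Rule 2: --update --seconds 60 --hitcount 5 matches when at least
        # `hitcount` recorded hits fall inside the last `window` seconds.
        hits = sum(1 for t in s if now - t <= self.window)
        if hits >= self.hitcount:
            # A matching --update also records the current packet as a hit,
            # so every blocked retry extends the block (--rcheck would not).
            s.append(now)
            return "DROP"
        return "ACCEPT"


def run(syns, table=None):
    """Feed (time, src) SYNs through the rule pair; return per-packet verdicts."""
    table = table or RecentTable()
    return [(t, src, table.new_syn(t, src)) for t, src in syns]


# Constructed sample: a burst from 10.0.0.1, one legitimate login from 10.0.0.2,
# slow retries from 10.0.0.1 after the burst, and a fresh attempt after more
# than a minute of silence.
SAMPLE = [(0, "10.0.0.1"), (1, "10.0.0.1"), (2, "10.0.0.1"), (3, "10.0.0.2"),
          (3, "10.0.0.1"), (4, "10.0.0.1"), (5, "10.0.0.1"),
          (30, "10.0.0.1"), (55, "10.0.0.1"), (80, "10.0.0.1"),
          (200, "10.0.0.1")]

if __name__ == "__main__":
    for t, src, verdict in run(SAMPLE):
        print(f"t={t:>3}s {src:<9} {verdict}")
```

The trace shows the 5th SYN from the same source inside the window being dropped, a retry every 25 to 30 seconds keeping the source blocked, and the block lapsing only after a quiet minute.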

Next, use hping to send n consecutive TCP SYNs to port 22 and check whether the 5th SSH connection is dropped:


Reference:
http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
http://tuxtraining.com/2009/06/23/stop-ssh-brute-force-attack-using-susefirewall
